[v7,0/8] Add vTPM 2.0 support to SLOF

Message ID 20200121200147.1002075-1-stefanb@linux.ibm.com

Message

Stefan Berger Jan. 21, 2020, 8:01 p.m. UTC
The following series of patches adds TPM support to SLOF.
In particular it adds the following:

- TPM driver for CRQ interface
- TPM 2.0 support; device initialization
- TPM logging area and firmware API to transfer it to the OS
- Some measurement code (Static Core Root Of Trust)
- TPM menu (accessible via 't' key during boot if TPM is available)
- Firmware API extensions following Power Firmware Doc

Having a vTPM attached to a VM provides the following benefits:

- enablement of trusted boot; this allows us to eventually extend the chain
  of trust from the hypervisor to the guests
- enablement of attestation so that one can verify what software is 
  running on a machine
- provides TPM functionality to VMs, which includes a standardized 
  mechanism to store keys and other blobs
  (Linux trusted keys, GNU TLS's TPM extensions)

Regards,
    Stefan

v6->v7:
  - addressed reviewers' concerns
  - cleaned up FORTH code
  - Appended GPT partition measurement patch

v5->v6:
  - using ?dup where possible
  - upgraded to sha256

v4->v5:
  - Cut down code to only support TPM 2.0

v3->v4:
  - Added TPM 2.0 support

v2->v3:
  - Addressed Thomas Huth's comments.
  - Rearranged patches and merged some patches.
  - Followed some of the changes made by K. O'Connor (SeaBIOS).

v1->v2:
  - Addressed Nikunj's comments
  - Since last post in August I added 3 more patches to the end of the series
    and one in 13th place.

Stefan Berger (8):
  slof: Implement SLOF_get_keystroke() and SLOF_reset()
  slof: Make linker script variables accessible
  qemu: Make print_version variable accessible
  tpm: Add TPM CRQ driver implementation
  tpm: Add sha256 implementation
  tcgbios: Add TPM 2.0 support and firmware API
  tcgbios: Implement menu to clear TPM 2 and activate its PCR banks
  tcgbios: Measure the GPT table

 board-qemu/Makefile                 |    2 +-
 board-qemu/include/version.h        |   19 +
 board-qemu/slof/Makefile            |   13 +-
 board-qemu/slof/OF.fs               |    3 +
 board-qemu/slof/tree.fs             |    3 +
 board-qemu/slof/vio-vtpm-cdriver.fs |  105 +++
 board-qemu/slof/vtpm-sml.fs         |   82 ++
 include/helpers.h                   |    4 +
 lib/Makefile                        |    2 +-
 lib/libtpm/Makefile                 |   50 +
 lib/libtpm/Readme                   |   57 ++
 lib/libtpm/sha256.c                 |  214 +++++
 lib/libtpm/sha256.h                 |   20 +
 lib/libtpm/tcgbios.c                | 1361 +++++++++++++++++++++++++++
 lib/libtpm/tcgbios.h                |   36 +
 lib/libtpm/tcgbios_int.h            |  311 ++++++
 lib/libtpm/tpm.code                 |  171 ++++
 lib/libtpm/tpm.in                   |   30 +
 lib/libtpm/tpm_drivers.c            |  437 +++++++++
 lib/libtpm/tpm_drivers.h            |   82 ++
 slof/OF.h                           |   20 +
 slof/fs/packages/disk-label.fs      |   31 +
 slof/fs/start-up.fs                 |   12 +
 slof/helpers.c                      |   17 +
 24 files changed, 3077 insertions(+), 5 deletions(-)
 create mode 100644 board-qemu/include/version.h
 create mode 100644 board-qemu/slof/vio-vtpm-cdriver.fs
 create mode 100644 board-qemu/slof/vtpm-sml.fs
 create mode 100644 lib/libtpm/Makefile
 create mode 100644 lib/libtpm/Readme
 create mode 100644 lib/libtpm/sha256.c
 create mode 100644 lib/libtpm/sha256.h
 create mode 100644 lib/libtpm/tcgbios.c
 create mode 100644 lib/libtpm/tcgbios.h
 create mode 100644 lib/libtpm/tcgbios_int.h
 create mode 100644 lib/libtpm/tpm.code
 create mode 100644 lib/libtpm/tpm.in
 create mode 100644 lib/libtpm/tpm_drivers.c
 create mode 100644 lib/libtpm/tpm_drivers.h
 create mode 100644 slof/OF.h
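
The attestation use case the cover letter points to (a verifier replaying the firmware measurement log against the PCR values the TPM reports) as an added example; this is illustrative code, not part of the SLOF series, and the PCR indices and event contents are constructed.

```python
import hashlib
from dataclasses import dataclass

DIGEST_LEN = 32  # sha256 bank, the hash the series moved SLOF's measurements to

@dataclass(frozen=True)
class Event:
    """One entry of a firmware measurement log (constructed, simplified)."""
    pcr: int          # PCR index the digest was extended into
    digest: bytes     # sha256 of the measured object, as logged by firmware
    desc: bytes       # informational event data (not hashed here)

def pcr_extend(old: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = SHA256(old || digest)."""
    return hashlib.sha256(old + digest).digest()

def replay(events, num_pcrs=24):
    """Recompute every PCR from the reset state by replaying the log in order."""
    pcrs = {i: bytes(DIGEST_LEN) for i in range(num_pcrs)}
    for ev in events:
        if ev.pcr not in pcrs or len(ev.digest) != DIGEST_LEN:
            raise ValueError(f"malformed event: pcr={ev.pcr} len={len(ev.digest)}")
        pcrs[ev.pcr] = pcr_extend(pcrs[ev.pcr], ev.digest)
    return pcrs

def mismatched_pcrs(events, reported):
    """PCR indices whose replayed value differs from what the TPM reported
    (e.g. in a quote). An empty list means the log fully explains the PCRs."""
    replayed = replay(events)
    return sorted(i for i, v in reported.items() if replayed[i] != v)

# Constructed sample log; PCR indices are assumed (0 = firmware code, 5 = GPT).
FIRMWARE_DIGEST = hashlib.sha256(b"constructed SLOF image").digest()
GPT_DIGEST = hashlib.sha256(b"constructed GPT header+entries").digest()
SAMPLE_LOG = [
    Event(0, FIRMWARE_DIGEST, b"S-CRTM firmware image"),
    Event(5, GPT_DIGEST, b"GPT partition table"),
]

if __name__ == "__main__":
    good = replay(SAMPLE_LOG)
    reported = {0: good[0], 5: good[5]}          # as a TPM quote would report them
    print("trusted log:", mismatched_pcrs(SAMPLE_LOG, reported))   # []
    # A log whose GPT entry was altered no longer reproduces PCR 5.
    bad_log = [Event(5, hashlib.sha256(b"edited").digest(), b"GPT") if e.pcr == 5 else e
               for e in SAMPLE_LOG]
    print("tampered log:", mismatched_pcrs(bad_log, reported))     # [5]
```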

Comments

Alexey Kardashevskiy Feb. 17, 2020, 1:06 a.m. UTC | #1
On 22/01/2020 07:01, Stefan Berger wrote:
> The following series of patches adds TPM support to SLOF.
> In particular it adds the following:
> 
> - TPM driver for CRQ interface
> - TPM 2.0 support; device initialization
> - TPM logging area and firmware API to transfer it to the OS
> - Some measurement code (Static Core Root Of Trust)
> - TPM menu (accessible via 't' key during boot if TPM is available)
> - Firmware API extensions following Power Firmware Doc
> 
> Having a vTPM attached to a VM provides the following benefits:
> 
> - enablement of trusted boot; this allows us to eventually extend the chain
>   of trust from the hypervisor to the guests
> - enablement of attestation so that one can verify what software is 
>   running on a machine
> - provides TPM functionality to VMs, which includes a standardized 
>   mechanism to store keys and other blobs
>   (Linux trusted keys, GNU TLS's TPM extensions)



Thanks, applied.
